-- the server's clock is synchronized with
- [NTP](https://en.wikipedia.org/wiki/Network_Time_Protocol)
-
-The host where the API client is invoked should also be synchronized with NTP,
-see [token expiration](#payload).
-
-## Authentication
-
-All requests to Shaarli's API must include a JWT token to verify their authenticity.
-
-This token has to be included as an HTTP header called `Authentication: Bearer <jwt token>`.
-
-JWT resources :
-
-- [jwt.io](https://jwt.io) (including a list of client per language).
-- RFC : https://tools.ietf.org/html/rfc7519
-- https://float-middle.com/json-web-tokens-jwt-vs-sessions/
-- HackerNews thread: https://news.ycombinator.com/item?id=11929267
-
-
-### Shaarli JWT Token
-
-JWT tokens are composed by three parts, separated by a dot `.` and encoded in base64:
-
-```
-[header].[payload].[signature]
-```
-
-#### Header
-
-Shaarli only allow one hash algorithm, so the header will always be the same:
-
-```json
-{
- "typ": "JWT",
- "alg": "HS512"
-}
-```
-
-Encoded in base64, it gives:
-
-```
-ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==
-```
-
-#### Payload
-
-**Token expiration**
-
-To avoid infinite token validity, JWT tokens must include their creation date
-in UNIX timestamp format (timezone independent - UTC) under the key `iat` (issued at).
-This token will be valid during **9 minutes**.
-
-```json
-{
- "iat": 1468663519
-}
-```
-
-See [RFC reference](https://tools.ietf.org/html/rfc7519#section-4.1.6).
-